Free solutions for detecting proxies

  • Thread starter Jarfi
  • Start date
In summary, there are various free solutions available for detecting proxies. These include online tools, browser extensions, and software programs that use different methods such as IP scanning, DNS lookup, and data analysis to identify proxy usage. These solutions can be useful for individuals and organizations to protect their online security and prevent unauthorized access. However, it is important to note that these free solutions may not be as reliable or comprehensive as paid options, and may also have limitations in detecting more advanced or private proxies.
  • #1
Jarfi
384
12
For security reasons, There is an IP-logger on my website, also logging reference page. What I've noticed is repeated visitors from Beijing, Microsoft or Google INC. Also getting visits from websites like: "http://hvd-store.com/".

How can I detect a proxy without paying for some service? I've been estimating proxies from Network Organization information and by googling the IP, but I don't have any automatic mechanism that I can use to display threat-info or into the page for other admins to see, something like "detected proxy"/"Individual".

And is there a way to detect and differentiate bots, search-spiders and proxies? it's hard to be sure if the ones from Microsoft and Google INC are web-spiders or someone with bad intents.

An example of a suspicious visit logged:

Network Organization: AS16276 OVH SAS
Ref-page: http://hvd-store.com/
IP: 176.31.182.218
Location: Paris
Browser: Google Chrome

A bot that hangs around,

Network Organization: AS55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Ref-page: no ref-page
IP: 180.76.15.34
Location: Beijing
Browser: Unknown

I thought this was a spider, but it has a browser so I am led to believe it's something different:

Network Organization: AS15169 Google Inc.
Ref-page: no ref-page
IP: 66.249.93.252
Location: Mountain View
Browser: Mozilla Firefox

-Thanks in advance.
 
Last edited by a moderator:
Technology news on Phys.org
  • #3
It's a probability game. For instance you can find lists of Tor exit node IPs, that will give you some clue. But I can tell you from a pure computer science perspective, its just not possible to detect all proxies, even if you pay for a service. As a thought experiment, imagine someone A who calls a friend B and tells them to visit your page, and read what they find there. How do you detect anything about A from B? You don't, and digital versions of the same process will reveal nothing about A either. Download Teamviewer, and launch a browser on a remote computer to view your site. How can you tell that its being remotely invoked by Teamviewer and seen by another computer? You can't. Its really something you need to set aside to accomplish your security goals.
 
  • #4
176.31.182.218 is listed as a TOR exit node.

180-76-15-34 has hostname baiduspider-180-76-15-34.crawl.baidu.com

66.249.93.252 has hostname google-proxy-66-249-93-252.google.com

If I was going to try to do this I would check headers, proxy lists, tor exits, and check for open common proxy ports and do an automated search on google like +"66.249.93.252" proxy

But Foolality is right. Can't get them all. And some proxy accesses might be legit (didn't all AOL accesses come through a proxy? don't remember).

Logging what people throw at your computer is a great way to collect exploits. I would think one could look for suspicious requests and list those IP's (but maybe that's impractical -- I'm not a security expert)
 
  • #5
"hvd-store.com" turned up in my website log file today:

89.105.194.71 - - [14/Aug/2015:00:47:13 -0400] "GET / HTTP/1.1" 301 230 "http://[/COLOR]hvd-store.com/" [/PLAIN] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
89.105.194.71 - - [14/Aug/2015:00:47:14 -0400] "GET / HTTP/1.1" 200 3095 "http://[/COLOR]hvd-store.com/" [/PLAIN] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"


These are requests for my home page (GET /) from the IP address 89.105.194.71, which appear to be the result of clicking on a link on the home page at http://hvd-store.com/. I haven't gone to hvd-store.com to look, but I would wager strong odds that there is not actually a link to my site there. It would probably at best try to sell me something, or at worst try to infect my computer with malware. This is called "referrer spam", which tries to trick curious website owners into following the links to see who is apparently linking to their sites. It's created by bots which fetch pages from your site, inserting the spam site URL into the referrer field of the requests.

Whenever I see a new referrer in my log file, and it doesn't seem to be related to the topic of my site, I do a Google search on it to try to find out something about it, before deciding whether to click on the link. In this case I didn't find anything for "hvd-store.com" which gave any indication of what this site is actually about, which is why I didn't go there. This thread turned up on the first page of that search. :smile:

http://whatismyipaddress.com/ip-lookup gives the following information about the originating IP address:

IP: 89.105.194.71
Decimal: 1500103239
Hostname: tor-exit-readme.as24875.net
ASN: 24875
ISP: Avira B.V.
Organization: Avira B.V.
Services: http://whatismyipaddress.com/ip-services
http://whatismyipaddress.com/ip-services
Recently reported forum spam source. (83)

http://whatismyipaddress.com/hostname-ip gives me the following IP addresses for hvd-store.com:

Lookup Hostname: hvd-store.com
Lookup IPv4 Address: http://whatismyipaddress.com/ip/208.73.210.217
Lookup IPv4 Address: http://whatismyipaddress.com/ip/208.73.211.178
Lookup IPv4 Address: http://whatismyipaddress.com/ip/208.73.210.200
Lookup IPv4 Address: http://whatismyipaddress.com/ip/208.73.210.214

Plugging the first address back into the ip-lookup tool gives me

General IP Information
IP: 208.73.210.217
Decimal: 3494499033
Hostname: 208.73.210.217
ASN: 40034
ISP: Oversee.net
Organization: Confluence Networks
Services: None detected
Type: http://whatismyipaddress.com/broadband
Assignment: http://whatismyipaddress.com/dynamic-static
Blacklist:
Geolocation Information
Continent: North America
Country: United States
us.png

State/Region: California
City: Los Angeles
Latitude: 34.0533 (34° 3′ 11.88″ N)
Longitude: -118.2549 (118° 15′ 17.64″ W)
Postal Code: 90071
 
Last edited by a moderator:

FAQ: Free solutions for detecting proxies

What is the purpose of using a free proxy detection solution?

A free proxy detection solution is used to identify and block any unauthorized access to a network or website. It helps to protect against potential cyber attacks and maintain the security of the network.

How does a free proxy detection solution work?

A free proxy detection solution works by analyzing the IP address of the incoming request and comparing it to a list of known proxy servers. If the IP address is found on the list, it is flagged as a potential proxy and the request is either blocked or further scrutinized.

Are free proxy detection solutions reliable?

While free proxy detection solutions can be effective, they may not always be 100% reliable. Some proxies may not be included in the list, and others may be able to bypass detection. It is important to regularly update and maintain the list of known proxies to improve reliability.

Can a free proxy detection solution be customized?

Yes, a free proxy detection solution can be customized to fit the specific needs of a network or website. This can include adjusting the sensitivity of the detection, creating whitelists for trusted IP addresses, and setting up notifications for potential proxy usage.

Is it necessary to use a paid proxy detection solution?

Not necessarily. While paid proxy detection solutions may offer more features and a larger database of known proxies, a free solution can still provide effective protection for most networks and websites.

Similar threads

Replies
4
Views
3K
Replies
0
Views
96K
Back
Top